Comodo Cybersecurity Zero-Day Challenge

September 13, 2019 posted by


Hi, I’m Steve Subar, President and CEO of
Comodo Cybersecurity. The endpoint security market is a very crowded
place. Scores of vendors compete for the attention
of end-users at large enterprises down to small businesses and consumers. How can a market sustain so many players? Mainly through churn – endpoint security
is probably the only software segment where customers experience buyer’s remorse even before they
commit to a solution. Why the dissatisfaction? Well, year after year, IT professionals and
consumers spend increasing dollars on antivirus software, but the malware problem just keeps
getting worse. Vendors boast detection rates of 99%, but
with 350,000 new pieces of malware appearing every day, such assurances leave the gates
open to thousands of threats. It’s no wonder that AV and endpoint solutions
users feel let down or downright deceived. The “detection deception” permeates the
whole AV industry. Take Google’s VirusTotal project. VirusTotal presents malware submissions to
AV engines from over 70 suppliers, and results are supposed to help improve the state of
the industry. But VirusTotal Terms of Service prohibits
using the service to compare vendors. Neither users nor researchers can reference
VirusTotal “to prove or disprove a concept or discredit . . . any actor in the anti-malware
space.” Simply put, AV vendors hide behind the VirusTotal
terms, deceiving customers about the effectiveness of AV solutions. Worse,
AV vendors piggyback on VirusTotal to garner new virus signatures and to implement whole
offerings. Google banished free-riding, requiring material
contribution, but many vendors give back trivially, without attribution. Also, vendors exaggerate the effectiveness of detection,
hide misidentification and false positives, and are benchmarking with repacked viruses and fake
malware. Vendors abuse VirusTotal, using the service
to support deceptive practices. The worst deception is that Detection is Not
Protection. The whole idea of detection is a scam, a paper
chase, needing prior encounters with a virus. New malware, including zero-day threats, slips
by AV tech, even with AI. Actual protection renders malware harmless,
but no vendor will admit it. Nor will they stand by results from VirusTotal. Until now. Join the Comodo Zero-Day Challenge. Submit malware to our Valkyrie engine. If Comodo cannot detect actual malware, we’ll
publicize your submission – you’ll be famous! If we correctly identify your submission,
we’ll still publicize it, with your name and photo, as proof of our technology. We dare other vendors to accept the same
challenge – serve the AV community through transparency. Comodo Cybertechnology. We stand by our technology.

No Comments

Leave a Comment

Your email address will not be published. Required fields are marked *